CVEDB API

Vulnerabilities

Vulnerable Software

Humhub: Security Vulnerabilities

CVE-2019-12743

HumHub Social Network Kit Enterprise v1.3.13 allows remote attackers to find the user accounts existing on any Social Network Kits (including self-hosted ones) by brute-forcing the username after the /u/ initial URI substring, aka Response Discrepancy Information Exposure.

CVSS Score

5.3

EPSS Score

0.002

Published

2019-07-29

CVE-2019-11564

A cross-site scripting (XSS) vulnerability in HumHub 1.3.12 allows remote attackers to inject arbitrary web script or HTML via a /protected/vendor/codeception/codeception/tests/data/app/view/index.php POST request.

CVSS Score

6.1

EPSS Score

0.017

Published

2019-05-08

CVE-2019-9093

A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in file/file/upload in Humhub 1.3.10 Community Edition. The user-supplied input containing a JavaScript payload in the filename parameter is echoed back, which resulted in reflected XSS.

CVSS Score

6.1

EPSS Score

0.002

Published

2019-03-21

CVE-2019-9094

A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in /s/adada/cfiles/upload in Humhub 1.3.10 Community Edition. The user-supplied input containing JavaScript in the filename is echoed back in JavaScript code, which resulted in XSS.

CVSS Score

6.1

EPSS Score

0.002

Published

2019-03-21

CVE-2016-1229

Cross-site scripting (XSS) vulnerability in HumHub 0.20.0-beta.1 through 0.20.1 and 1.0.0-beta before 1.0.0-beta.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

CVSS Score

5.4

EPSS Score

0.002

Published

2016-06-05

CVE-2014-9528

SQL injection vulnerability in the actionIndex function in protected/modules_core/notification/controllers/ListController.php in HumHub 0.10.0-rc.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the from parameter to index.php. NOTE: this can be leveraged for cross-site scripting (XSS) attacks via a request that causes an error.

CVSS Score

7.5

EPSS Score

0.032

Published

2015-01-06

Page 2

Vulnerabilities

Vulnerable Software

Humhub: Security Vulnerabilities

Products

Pricing

Contact Us